1. Field of the Invention
The invention described herein is directed to secure computing via communications with remotely located network domains. More specifically, the invention disclosed herein provides a secure environment for remote computing with multiple network domains using a Defense-in-Depth configuration of commercial off-the-shelf (COTS) components and technologies.
2. Description of the Prior Art
In recent years, as the desire for remotely accessing sensitive information over wide area networks, e.g., the Internet, has increased, much effort has been directed toward ensuring the security of transmitted data. Encryption and encapsulation techniques have led to the development of virtual private networks, whereby a user may conduct computer transactions on a remote system from a local computer, provided the user is in possession of the appropriate credentials. Virtual private network technology has led to the proliferation of so-called “telecommuters”, i.e., persons who perform their duties from their home and, via a home computer and a virtual private network, have access to their company's computer files remotely located on their company's server.
Remote access to sensitive data requires numerous safeguards so that access thereto is restricted to those who have the appropriate permissions. Such safeguards have, until recently, required non-trivial expansion of an organization's network infrastructure and maintenance requirements and have often required specially designed hardware and/or software. However, due to the high demand for inexpensive and easily maintained security measures, much of the technology has been standardized and incorporated in commercial off-the-shelf (COTS) components. It is now possible for an enterprise to exchange data with remote equipment in a secure manner at a reasonable price.
Certain industries, however, have exceptional security demands due to the nature of the data involved. The military and intelligence communities have strict security policies, especially when the data are vital to National Security. The healthcare industry also has considerable privacy concerns, as do financial institutions where a lapse in data security may result in unrecoverable liabilities. Software development companies also require secure data handling, especially when more than one developer or programmer is operating on a large software project and each requires access to source code files located on servers of separate organizations.
In many cases, an organization maintains its data at ordinal sensitivity levels in separate security network domains. In such environments, a further concern lies in the transfer of data from one domain to a domain with a lesser security requirement. Thus, while it may still be a desirable feature of a multiple-security-domain enterprise to allow certain users simultaneous or near-simultaneous access to data from different security zones, additional restrictions must be implemented to ensure the containment of data at its designated security level.
A system for secure computing that maintains containment of sensitive data from non-sensitive data is disclosed in U.S. patent application Ser. No. 09/854,818, filed on 14 May 2001, and published as U.S. Patent Application Publication #2002/0169987A1. The disclosed computer system provides a secure computing environment by executing a type II virtual machine monitor on a host operating system platform. The virtual machine monitor spawns a user-definable number of sensitive virtual machines for processing sensitive (classified) data and a user-definable number of non-sensitive virtual machines for processing non-sensitive (unclassified) data. Each of the sensitive virtual machines is isolated from all other virtual machines and operates independently thereof. While the system disclosed addresses the containment of data at a particular user station, it fails to provide a complete enterprise solution. For example, the invention does not contemplate a deliberate attempt to compromise the containment of data if a specially configured computing device were to be inserted into the network of the client device disclosed in the Published Patent Application.
Averting malicious and deliberate attacks on secure networks is among the highest priorities for information technology managers and designers. In the early days of widespread networking, such as via the Internet, defense mechanisms involved the installation of proprietary hardware and software, specially adapted to an end-user's application. However, such mechanisms are notoriously expensive, difficult to maintain, and resistant to system expansion and upgrade.
In recent years, a more practical approach to information assurance has emerged, which relies on multiple, more easily implemented technologies to defend against attempted attacks on an organization's secure data or system. This type of security has come to be known as Defense-in-Depth (D-in-D), and is based on the premise that defeating successive security measures is much more difficult than defeating a single security perimeter. D-in-D also allows a security system designer to implement a total security solution in easily maintained, off-the-shelf components.